Status
I implemented:
- the five algorithms described in RFC6056
- a sysctl that selects the global algorithm to be used for all
sockets that do not make an explicit selection
- a socket option that allows choosing one of the algorithms
specifically for the current socket
- two small test programs that allow sending a plain packet using
the globally selected algorithm or using the socket option to select
the algorithm (one for IPv4 and one for IPv6)
- full support for IPv4 and IPv6
- documentation in the form of man pages: a new page rfc6056(7) and
additions to sysctl(7) to describe the new sysctls
TODO:
- export the socket option constant to a userspace header (must
decide which one)
Deliverables
Kernel code in netinet and netinet6 that implements RFC6056's port
randomization
Mandatory (must-have) components:
- The 5 algorithms presented in RFC 6056.
status: done
Optional (would-be-nice) components:
- A complete testing suite in order to check that each algorithm
works as expected.
status: we created the two small programs that test the port
selection algorithms. The kernel code includes numerous lines of code
comprising DPRINTF calls for debugging the behavior of the algorithms.
The test programs test a particularly relevant issue for the RFC
implementation, namely the support for early binding/late connection.
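The five RFC 6056 algorithms listed under "I implemented" and under the mandatory components, modelled in user space as an added example; this is not the project's kernel code. The ephemeral range, the in-use table (which stands in for the kernel's PCB lookup), the secret keys and the keyed FNV-1a hash used for the RFC's F()/G() are all constructed here; a kernel would use a proper keyed hash so that an off-path observer cannot recover the per-destination offset.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added user-space model of the five RFC 6056 algorithms; not the NetBSD
 * kernel code from this project.  The ephemeral range, the in-use table and
 * the secret keys are constructed here to stand in for kernel state. */
#define MIN_EPH 49152
#define MAX_EPH 65535
#define NUM_EPH (MAX_EPH - MIN_EPH + 1)
#define TABLE_LENGTH 1024   /* Algorithm 4: number of per-destination counters */
#define RAND_INC_N 500      /* Algorithm 5: maximum random increment (RFC default) */

struct tuple { uint32_t local_ip, remote_ip; uint16_t remote_port; };

static unsigned char in_use[65536];     /* constructed stand-in for the PCB lookup */
static uint32_t next_ephemeral;         /* counter shared by Algorithms 3 and 5 */
static uint16_t table[TABLE_LENGTH];    /* Algorithm 4 counter table */
static const uint64_t secret_key1 = 0x0123456789abcdefULL;  /* constructed keys */
static const uint64_t secret_key2 = 0xfedcba9876543210ULL;

/* Test hook: mark one port (or, with port < 0, the whole table) busy or free. */
void set_in_use(int port, int busy) {
    if (port < 0) memset(in_use, busy, sizeof in_use);
    else in_use[port & 0xffff] = (unsigned char)busy;
}
static int check_suitable_port(uint32_t port) { return !in_use[port]; }

/* Keyed FNV-1a over the tuple fields, standing in for the RFC's F()/G().
 * A kernel would use a real keyed hash (a MAC) so the offset cannot be
 * recovered by an off-path attacker. */
static uint32_t F(const struct tuple *t, uint64_t key) {
    uint64_t h = 0xcbf29ce484222325ULL ^ key;
    uint64_t v[3] = { t->local_ip, t->remote_ip, t->remote_port };
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 8; b++) { h ^= (v[i] >> (8 * b)) & 0xff; h *= 0x100000001b3ULL; }
    return (uint32_t)(h ^ (h >> 32));
}

/* Boot-time initialisation (RFC 6056 Section 3.3). */
void rfc6056_init(unsigned seed) {
    srand(seed);
    next_ephemeral = (uint32_t)rand() % 65536;
    for (int i = 0; i < TABLE_LENGTH; i++) table[i] = (uint16_t)(rand() % 65536);
    set_in_use(-1, 0);
}

/* Algorithm 1: a fresh random port on every attempt. */
int algo1_simple_random(void) {
    uint32_t count = NUM_EPH, port = MIN_EPH + (uint32_t)rand() % NUM_EPH;
    do {
        if (check_suitable_port(port)) return (int)port;
        port = MIN_EPH + (uint32_t)rand() % NUM_EPH;
    } while (--count > 0);
    return -1;
}
/* Algorithm 2: random start, then walk the range sequentially. */
int algo2_random_start(void) {
    uint32_t count = NUM_EPH, port = MIN_EPH + (uint32_t)rand() % NUM_EPH;
    do {
        if (check_suitable_port(port)) return (int)port;
        port = (port == MAX_EPH) ? MIN_EPH : port + 1;
    } while (--count > 0);
    return -1;
}
/* Algorithm 3: global counter plus a per-destination hash offset. */
int algo3_hash(const struct tuple *t) {
    uint32_t count = NUM_EPH, offset = F(t, secret_key1);
    do {
        uint32_t port = MIN_EPH + (next_ephemeral + offset) % NUM_EPH;
        next_ephemeral++;
        if (check_suitable_port(port)) return (int)port;
    } while (--count > 0);
    return -1;
}
/* Algorithm 4: hash offset plus a counter picked by a second hash, so traffic
 * to one destination does not reveal the counter used for another. */
int algo4_double_hash(const struct tuple *t) {
    uint32_t count = NUM_EPH, offset = F(t, secret_key1);
    uint32_t index = F(t, secret_key2) % TABLE_LENGTH;
    do {
        uint32_t port = MIN_EPH + (offset + table[index]) % NUM_EPH;
        table[index]++;
        if (check_suitable_port(port)) return (int)port;
    } while (--count > 0);
    return -1;
}
/* Algorithm 5: global counter advanced by a random step in [1, N]. */
int algo5_random_increments(void) {
    uint32_t count = NUM_EPH;
    do {
        next_ephemeral += (uint32_t)rand() % RAND_INC_N + 1;
        uint32_t port = MIN_EPH + next_ephemeral % NUM_EPH;
        if (check_suitable_port(port)) return (int)port;
    } while (--count > 0);
    return -1;
}
```

Each function follows the RFC's pseudocode shape: up to NUM_EPH attempts, then failure. Algorithms 3 and 4 are the ones that need the remote address up front, which is why the early-bind/late-connect case mentioned above needs special handling in the kernel. The model makes the contrast visible: with every port but one marked busy, the sequential walks (2, 3, 4) are guaranteed to find it, while the purely random ones (1, 5) may not.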
Documentation
We provided a manpage rfc6056(7) and added relevant information to sysctl(7).
Technical Details
New interfaces created:
sysctls:
- net.inet.udp.rfc6056.available shows the available algorithms
- net.inet.udp.rfc6056.selected selects one of the available algorithms
- net.inet6.udp6.rfc6056.available shows the available algorithms for IPv6
- net.inet6.udp6.rfc6056.selected selects one of the available algorithms for IPv6
Socket Options:
- UDP_RFC6056ALGO is a socket option at the IPPROTO_UDP level that allows
setting the algorithm for the current socket. It takes a string parameter
describing the name of the chosen algorithm.
Manpages: rfc6056(7), sysctl(7). Must decide where to document the new socket option.
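How a userland program would use the UDP_RFC6056ALGO option and exercise the early-bind/late-connect path, as an added example that is not one of the project's own test programs. It assumes the constant is exported through <netinet/udp.h> (the TODO above notes the header is still undecided), takes the algorithm name from the list shown by net.inet.udp.rfc6056.available, and uses a constructed loopback destination; on a kernel without the option the setsockopt() call is compiled out and only the port-selection flow runs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/udp.h>
#include <sys/socket.h>

/* Added illustration of a userland client for the new socket option and of
 * the early-bind/late-connect case; not one of the project's own test
 * programs.  UDP_RFC6056ALGO exists only on a kernel carrying this work, so the
 * setsockopt() call is compiled in only where <netinet/udp.h> defines it
 * (assumption: that is the header the constant ends up in). */

/* Select the named algorithm for this socket.  Returns 0 on success, -1 if the
 * kernel rejected it, and 1 when the option is not available on this host. */
int select_port_algorithm(int fd, const char *name)
{
#ifdef UDP_RFC6056ALGO
    /* the option takes the algorithm's name as a NUL-terminated string */
    if (setsockopt(fd, IPPROTO_UDP, UDP_RFC6056ALGO, name, strlen(name) + 1) == -1) {
        perror("setsockopt(UDP_RFC6056ALGO)");
        return -1;
    }
    return 0;
#else
    (void)fd; (void)name;
    return 1;
#endif
}

/* Open a UDP socket, optionally select an algorithm, and obtain an ephemeral
 * port either by binding first (early binding: the kernel must choose a port
 * before it knows the remote address) or by connecting straight away (the
 * kernel sees the full 4-tuple).  Returns the chosen local port in host
 * order, or -1 on error. */
int pick_ephemeral_port(const char *algo, const char *dst_ip, uint16_t dst_port, int early_bind)
{
    struct sockaddr_in local, remote;
    socklen_t len = sizeof local;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd == -1) { perror("socket"); return -1; }
    if (algo != NULL && select_port_algorithm(fd, algo) == -1) goto fail;

    if (early_bind) {
        memset(&local, 0, sizeof local);
        local.sin_family = AF_INET;
        local.sin_addr.s_addr = htonl(INADDR_ANY);
        local.sin_port = 0;                      /* 0: let the kernel choose */
        if (bind(fd, (struct sockaddr *)&local, sizeof local) == -1) { perror("bind"); goto fail; }
    }
    memset(&remote, 0, sizeof remote);
    remote.sin_family = AF_INET;
    remote.sin_port = htons(dst_port);
    if (inet_pton(AF_INET, dst_ip, &remote.sin_addr) != 1) { fprintf(stderr, "bad address\n"); goto fail; }
    if (connect(fd, (struct sockaddr *)&remote, sizeof remote) == -1) { perror("connect"); goto fail; }
    if (getsockname(fd, (struct sockaddr *)&local, &len) == -1) { perror("getsockname"); goto fail; }
    close(fd);
    return ntohs(local.sin_port);
fail:
    close(fd);
    return -1;
}

int main(int argc, char **argv)
{
    /* algorithm name from net.inet.udp.rfc6056.available; NULL keeps the global selection */
    const char *algo = argc > 1 ? argv[1] : NULL;
    int early = pick_ephemeral_port(algo, "127.0.0.1", 9, 1);  /* constructed destination */
    int late  = pick_ephemeral_port(algo, "127.0.0.1", 9, 0);
    if (early < 0 || late < 0) return 1;
    printf("bind-then-connect port: %d\nconnect-only port: %d\n", early, late);
    return 0;
}
```

Running it with and without an algorithm name, and once per algorithm listed by the sysctl, is the quickest way to confirm that the per-socket option overrides net.inet.udp.rfc6056.selected and that the hash-based algorithms still produce a valid port when bind(2) runs before connect(2).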
Vlad Balan <$student_email>
$Id: index.html,v 1.5 2011/08/26 18:58:37 vladb38 Exp $